Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orion_platform vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-35244
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing ...
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
4.3
CVSSv3
CVE-2021-35248
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
Solarwinds Orion Platform
Solarwinds Orion Platform 2020.2.6
8.8
CVSSv3
CVE-2021-35213
An Improper Access Control Privilege Escalation Vulnerability exists in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to the Administrator using this vulnerability. Authentication is required to exploit the vulnerability.
Solarwinds Orion Platform
8.1
CVSSv3
CVE-2021-35221
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
9.6
CVSSv3
CVE-2021-35222
This vulnerability allows malicious users to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
Solarwinds Orion Platform
4.8
CVSSv3
CVE-2021-35240
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.
Solarwinds Orion Platform
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started